Main Vulnerability Database Vulnerabilities #VU13209

Security restrictions bypass in Cisco Prime Collaboration Provisioning - CVE-2018-0321

Published: June 7, 2018

Vulnerability identifier: #VU13209

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-0321

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco Prime Collaboration Provisioning

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass security restrictions and access the Java Remote Method Invocation (RMI) system.

The vulnerability exists in Cisco Prime Collaboration Provisioning (PCP) due to an open port in the Network Interface and Configuration Engine (NICE) service. A remote attacker can access the open RMI system on an affected PCP instance and perform malicious actions that affect PCP and the devices that are connected to it.

How to mitigate CVE-2018-0321

Update to version 12.1.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-access

Security restrictions bypass in Cisco Prime Collaboration Provisioning - CVE-2018-0321

Detailed vulnerability description

How to mitigate CVE-2018-0321

Sources

Please verify you're human